Windows memory scanner for call stack spoofing detection, unbacked shellcode, injected DLLs and in-memory C2 implants.
β37May 22, 2026Updated last month
Alternatives and similar repositories for StackSentry
Users that are interested in StackSentry are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Stack spoofing Detection for CET processes by comparing shadow and user stacks.β36May 22, 2026Updated last month
- A large collection of blogs π¦β13Apr 12, 2025Updated last year
- A compiled language for Windows position-independent x86-64 shellcode and Beacon Object Files.β170Jun 28, 2026Updated 2 weeks ago
- Reversed cassandra source code for educational purposesβ28Jul 3, 2026Updated last week
- abusing windows toast notifications for fun and user manipulationβ105Updated this week
- Simple, predictable pricing with DigitalOcean hosting β’ AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- β37Nov 8, 2024Updated last year
- Proof of concept to detect module stomping detection by looking for modified .pdata sections.β39Jun 11, 2026Updated last month
- Linker for Beacon Object Filesβ191Jun 27, 2026Updated 2 weeks ago
- Microsoft Graph API post-exploitation framework with a browser-based GUI.β51Apr 15, 2026Updated 3 months ago
- Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.β46Jun 18, 2026Updated 3 weeks ago
- open source implementation of the UDC2 spec used in Cobalt Strikeβ54Jul 4, 2026Updated last week
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itselfβ97Apr 9, 2026Updated 3 months ago
- Activation Context Hijacking Evasion Toolβ293Jun 17, 2026Updated 3 weeks ago
- A collection of PoCs to do common things in unconventional waysβ120Aug 31, 2025Updated 10 months ago
- Bare Metal GPUs on DigitalOcean Gradient AI β’ AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.β134Updated this week
- Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDRβ¦β108Updated this week
- a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitorβ108Mar 25, 2024Updated 2 years ago
- Official, curated detection content (Sigma, YARA, IOC packs) for the Rustinel endpoint detection engine.β21Updated this week
- A proof-of-concept to demonstrate randomized execution paths and their impact on call stack signatures β ideal for EDR testing, behavior-β¦β24Jan 17, 2026Updated 5 months ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRavenβ269Oct 16, 2024Updated last year
- NailaoLoader: Hiding Execution Flow via Patchingβ24Feb 27, 2025Updated last year
- Windows native ETW inspection suite for browsing providers, reading metadata, consuming live events, recording ETL traces, filtering resuβ¦β86Jun 27, 2026Updated 2 weeks ago
- Polymorphic x64 shellcode loader β indirect syscalls, phantom DLL hollowing, call stack spoofing, patchless AMSI/ETW bypass, zero CRT β¦β23May 24, 2026Updated last month
- End-to-end encrypted cloud storage - Proton Drive β’ AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.β84Jun 15, 2026Updated 3 weeks ago
- Yara rulesβ21Mar 27, 2023Updated 3 years ago
- Surgical UNWIND_INFO preservation for sleep masking without call stack spoofing.β55Mar 30, 2026Updated 3 months ago
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping techniqueβ182Apr 14, 2026Updated 3 months ago
- A lexer and parser for Sleepβ20Feb 20, 2026Updated 4 months ago
- Cobalt Strike BOF to obtain location dataβ26Jul 4, 2026Updated last week
- β22May 19, 2026Updated last month
- Converts Sigma detection rules to a Splunk alert configuration.β12Jul 1, 2021Updated 5 years ago
- Adaptix C2 agent using Crystal Palace PIC linker and PICO module systemβ98Jun 7, 2026Updated last month
- Deploy on Railway without the complexity - Free Credits Offer β’ AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Monitors ETW for security relevant syscalls maintaining the set called by each unique processβ89May 17, 2023Updated 3 years ago
- Sleep obfuscationβ275Dec 13, 2024Updated last year
- Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan β¦β215Dec 8, 2025Updated 7 months ago
- Using LNK files and user input simulation to start processes under explorer.exeβ34Sep 21, 2024Updated last year
- Advanced OPSEC fork of Donut. Features a Custom in-memory CLR Host, Tail-Jump ETW bypasses, and zero-patch AMSI evasion for stealthy shelβ¦β68Jun 24, 2026Updated 3 weeks ago
- A simple BOF (Beacon Object File) to search files in the systemβ19Dec 2, 2023Updated 2 years ago
- Call Stack Spoofing for Rustβ218Jan 28, 2026Updated 5 months ago